LexisNexis® Legal Newsroom
Data Security cyber liability USB Drive Locked

That Time the Entire Cyber Security Exposure Narrative Changed

The hack attack on Sony Pictures Entertainment was massive, and it had a devastating effect on the company. As detailed in the December 30, 2014 Wall Street Journal article entitled “Behind the Scenes at Sony as Hacking Crisis Unfolded,” ( here ), the hackers who attacked Sony’s systems...

Will Investors Sue Over the Sony Hack Attack?

As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber breach-related derivative lawsuits against the...

As Part of White House Cyber Security Initiative, President Proposes Uniform Data Notification Rules

As previously discussed on this blog (refer for example here ), over the years there have been a number of different responses from the federal government to the threat of cyberattacks on U.S. companies and infrastructure, but overall the government’s track record on the issue is mixed. However...

Data Breaches-A New Topic For Collective Bargaining?

by Martin J. Saunders The NLRA requires employers whose employees are represented by a union to maintain the employee’s existing terms and conditions of employment and to negotiate with the union before implementing any changes to those conditions. Even fundamental changes in the business itself...

State Net Capitol Journal: Utah Cyberattacks Up 10,000-Fold

A few years ago, government computer systems in Utah were sustaining 25,000 to 30,000 attempted cyber-attacks a day, which Utah Public Safety Commissioner Keith Squires thought was a lot at the time. But last week Squires told a legislative budget committee that last year there were spikes of 300 million...

Preparing for a Data Breach – What to Know About Breach Notification

by Kelsey S. Farbotko Data breaches are at the forefront of the news, and many companies, including those dominant in the health care industry, have found themselves front and center in the headlines. Although recent news stories have focused their attention on attacks on major, nationwide companies...

NYDFS Advocates for Increased Cybersecurity Regulation by State Agencies

by H. Scott Kelly and Michael E. Lacy On February 25, the Superintendent of the New York Department of Financial Services (“DFS”), Benjamin M. Lawsky, spoke at Columbia Law School regarding the increased role of states as regulators, especially in the case of emerging risks such as cybersecurity...

Thinking About the Data Breach Securities Class Action Lawsuits Yet to Come

There has been extensive litigation filed in the wake of the many high-profile data breaches over the last several years, but by and large the lawsuits have been filed on behalf of consumers or employees. Along the way, there have also been lawsuits filed against the directors and officers of the companies...

Russia's New Personal Data Localization Law Goes into Effect in September 2015

To the extent a company doing business in Russia has not yet done so, it should consider whether Russia's Personal Data Law and its data localization requirement apply to its business, and, if so, begin compliance planning promptly. On December 31, 2014, Russian President Vladimir Putin signed...

Taking Control of Cybersecurity: A Practical Guide for Officers and Directors

Major cybersecurity attacks of increased sophistication — and calculated to maximize the reputational and financial damage caused to the corporate targets — are now commonplace. These attacks have catapulted cybersecurity to a top priority for senior executives and board members. To help...

Keller and Heckman LLP Telecom Business Alert – 900 MHz Broadband, Drones, Net Neutrality, FirstNet, NG911, And Data Security

900 MHz Reallocation | Almost a dozen parties filed comments last week in response to the FCC’s Public Notice seeking input on a supplement to the Petition for Rulemaking filed jointly by Pacific DataVision, Inc. (PDV) and the Enterprise Wireless Alliance (EWA). The Petition seeks to realign...

47 State AGs Ask Congress to Preserve Their Authority to Investigate Data Breaches

by Siran S. Faulders , Steve D. Rosenthal and C. Reade Jacob, Jr. On July 7, 47 state attorneys general signed onto a multistate letter to the U.S. Congress emphasizing the importance of maintaining states’ authority to enforce data breach and data security laws, and their ability to enact laws...

Even Small Businesses Need to Pay Attention to Data Security

by Devin J. Chwastyk When people think about data breaches, corporate giants like Target, Home Depot and Michael’s spring to mind. But even small businesses holding personal information can face costly consequences if a breach occurs. In the past, cases only proceeded in the courts if plaintiffs...

Needed Now: Experienced and Talented Cybersecurity Professionals to Protect Government Data Systems

The announcement on June 4th of a massive cybersecurity attack that compromised data stored on Office of Personnel Management (OPM) systems for 4.2 million current and former federal employees is the most recent head-smacking report of how porous the government’s cyber defense systems apparently...

Student Data Protection in an Era of Education Technology Innovation

Reaching a Congressional Consensus Will Likely Require Additional Deliberation As summarized in this Alert , the congressional proposals introduced thus far take very different approaches to addressing how to protect the privacy of student data. During the current 114th U.S. Congress, a variety...

States and Congress Differ on Security-Breach Regulation

by Korey Clark Nearly every state in the country has passed a law requiring private or government entities to notify individuals about security breaches involving their personal information. And states have been toughening those laws in recent years. But cybersecurity legislation pending in Congress...

Third Circuit: FTC May Pursue Data Breach Enforcement Action Against Wyndham Worldwide

On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham...

When Data Hacks Lead to D&O Lawsuits, Actual and Threatened

Many observers, including even this blog, have speculated whether the rising wave of data breaches and cyber security attacks will result in litigation against the directors and officers of the affected companies. Indeed, in 2014, there were two sets of lawsuits filed against the boards of companies...

Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers

In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. ( here ) and Wyndham Worldwide ( here ), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the...

FTC Urges Start-Ups to Incorporate Cybersecurity Early

by Mary C. Zinsner and Ethan G. Ostroff The Federal Trade Commission is proactively encouraging start-ups to take cybersecurity seriously and include consumer data safeguards early in the innovation process. At the FTC’s Start with Security conference in San Francisco on September 9, FTC Chairwoman...

Book Review: Cyber Risks, Social Media and Insurance

We live in a world in which rapidly shifting technologies and communications modalities have changed the way we interact and conduct business. These new media and means of interaction have introduced innumerable benefits and efficiencies. Unfortunately, these new alternatives have down sides; among other...

Day-After-Safe Harbor Action Plan

by Boris Segalis , Marcus Evans and Jay Modrall As we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale...

The Status of EMV

by Jacqueline M. Allen The October 1, 2015, deadline for merchants to become EMV compliant or potentially face increased liability has come and gone. Yet, a significant number of both card issuers and merchants have not yet made the switch. EMV is the acronym for the Europay, MasterCard, and Visa...

Discussion of Recent Invalidation of the US-EU Safe Harbor Framework for Online Privacy

Last week, I was a guest on the “This Week in Law” Podcast, where I talked about the potential impact of the recent invalidation of the US-EU Safe Harbor framework for online privacy. This will likely have far-reaching consequences for startups with users in the EU. Click on the link below...